Page 5 of 11 FirstFirst ... 3 4 5 6 7 ... LastLast
Results 41 to 50 of 110
  1. #41
    New ROGer Array
    Join Date
    Jan 2017
    Reputation
    10
    Posts
    8

    Quote Originally Posted by dyni00 View Post
    hi. i have tpm2.0 asus module http://a.co/4X8qGSb



    its not possible to create admin ownership in windows 10 because firmware is not safe





    tpm.msc and click on second option CLEAR TPM - reboot - and this same window CLEAR TPM..
    no option to PREPARE!

    but......... in uefi i turn off (disable) STORAGE HIERARCHY in SECURITY OPTION and work! PREPARE IS POSSIBLE!
    but STORAGE HIERARCHY - what this. i study of 10 pages with try to explain and my head are overheat

    will anyone explain to me if turning off this option is crucial to secure a computer using a bitlocker?

    and ASUS!!! please update firmware of this module!! im going to reddit #asustpm

    Your problem is not about firmware. Yes, of course, Asus must release a firmware update, but is nothing about your problem.

    Windows 10, in latest updates (i believe that since Redstone 1), dont use by default ownauth. Well, in really is used, but completely transparent for the user, TPM is autoprovisioned by Windows. If you need or want really use OwnAuth, you must configure it in group policy: Administrative Templates -> System ->Trusted Platform Module Services

    About "STORAGE HIERARCHY", is a feature in TPM 2.0, if you disable it, them Windows can't use autoprovisioning, so you are forcing to use the old system (ManagedAuthLevel = Full, instead delegated), much more insecure, you are removing features from 2.0 specifications. You can force Windows to use Full AuthLevel if you need it, without removing any feature, but is not recommended,

    And again, is nothing about firmware
    Last edited by Theliel; 01-02-2018 at 01:53 AM.

  2. #42
    ROG Member Array Fahrenhe1t PC Specs
    Fahrenhe1t PC Specs
    MotherboardASUS ROG STRIX z270G
    ProcessorIntel 7700K 4.2GHz
    Memory (part number)64GB Corsair Vengeance LPX 3200MHz DDR4
    Graphics Card #1ASUS Turbo GTX 1080 8GB
    MonitorASUS ROG SWIFT PG278QR 27" 165Hz
    Storage #1Samsung 960 EVO NVMe M.2 500GB
    CPU CoolerCorsair H100i v2
    CaseCorsair Air240
    Power SupplyCorsair HX1000i 1000W
    OS Windows 10 Pro 64-bit
    Fahrenhe1t's Avatar
    Join Date
    Mar 2017
    Reputation
    10
    Posts
    9

    I'd like an ASUS TPM 2.0 module firmware update please.

  3. #43
    ROG Guru: Yellow Belt Array lightknightrr PC Specs
    lightknightrr PC Specs
    MotherboardAsus Crosshair VI Hero WiFi
    ProcessorAMD Ryzen-7 1800X
    Memory (part number)F4-3200C14D-32GTZ
    Graphics Card #1Radeon Vega Frontier Edition
    Sound CardHT Omega eClaro
    MonitorSamsung 4K
    Storage #1Samsung NVMe SSD 960 PRO 1TB
    Storage #2Crucial MX200 1TB SSD
    CPU CoolerCorsair H115i
    CaseThermaltake Chaser Mk-1 (Modified)
    Power SupplyThermaltake Toughpower DPS G RGB 1500W Titanium
    Keyboard Corsair K95 RGB PLATINUM
    Mouse Corsair Scimitar Pro RGB
    Mouse Pad Corsair Gaming MM600 Dual Sided Aluminum Gaming Mouse Pad
    OS Windows 10 Pro 64-bit OEM
    Accessory #1 Firewire Expansion Card
    Accessory #2 Black Magic Intensity Pro 4K
    Accessory #3 Mailiya USB 3.0 5-Port Expansion Card
    lightknightrr's Avatar
    Join Date
    Jan 2017
    Reputation
    10
    Posts
    144

    I'd like a working TPM module, update or otherwise. Really dropping the ball here guys.

    Oh, and hats off to CyberLink, who requires Intel security features to play Blu-Rays at 4K. Thanks guys.

  4. #44
    New ROGer Array Lugusto PC Specs
    Lugusto PC Specs
    MotherboardASUS Z170I PRO GAMING
    ProcessorIntel Core i7-6700K
    Memory (part number)Corsair CMK32GX4M2B3000C15
    Graphics Card #1EVGA GeForce GTX 980 Ti
    Storage #1Samsung 960 EVO 250GB M.2 SSD
    Storage #2Seagate BarraCuda 4TB 3.5"
    CPU CoolerCorsair Hydro H80i GT
    CaseSilverStone Sugo SST-SG13B-Q
    Power SupplySilverStone SST-ST85F-GS
    OS Windows 10 Pro x64

    Join Date
    Oct 2017
    Reputation
    10
    Posts
    9

    I too am still waiting - remember we PAID for these devices, using actual money.

  5. #45
    New ROGer Array
    Join Date
    Jan 2018
    Reputation
    11
    Posts
    3

    In case it is helpful to someone, I found a way to update my Asus TPM-M R2.0 14-1 Pin TPM Module to the latest 5.62.3126.0 firmware (previously the TPM had the 5.61.2785.0 firmware with the vulnerability).

    Supermicro (a great server company) sells Infineon-based TPMs - e.g., see http://supermicro.com/products/acces...-TPM-9665V.cfm. Unlike Asus () Supermicro has issued the latest firmware security updates for their Infineon TPM modules. Their update packages appear to be general Infineon updates, so I figured it'd be worth a try to update my Asus module using one.

    Note that you should only attempt this sort of update if you know what you are doing!! If you aren't adept at the command line or if this is all new to you, then DO NOT ATTEMPT THIS. YOU CAN LOSE DATA IF YOU ARE USING BITLOCKER, etc.!!!

    I'll explain what I did and if you want to try with your system/TPM module you will need to adapt as appropriate for your system.

    1. You can find TPM update packages by browsing to ftp://ftp.supermicro.com/driver/TPM/. In my case I looked at the various firmwares included, and the "9665FW update package_1.1.zip" bundle contained firmware that matched my Asus TPM. So be sure to pick the right update bundle for your TPM (?).

    2. I completely turned OFF and disable Bitlocker and Windows Hello. You must decrypt your drive so that the TPM is NOT in use!

    3. I ran "tpm.msc" and executed the "Clear TPM..." option in Action. This rebooted the machine and the Asus BIOS had me press F12 to clear the TPM.

    4. After rebooting again, I then booted into the BIOS and turned the TPM completely OFF in the BIOS settings. You must completely disable Windows' use of the TPM in order to update the firmware.

    5. I booted back into Windows, and extracted the firmware update package bundle. For ease of operation I then copied the Windows update executable from the "...\Tools\WinPE\Bin\x64\" directory into the "...\Firmware\" directory.

    6. I then ran an Administrator command prompt, and changed to the "...\Firmware\" directory. Then I ran "TPMFactoryUpd.exe -update config-file -config TPM20_latest.cfg". The updater detected my TPM, and flash updated to the latest firmware in the bundle. Again, if you try this your command line may need to be different (use "TPMFactoryUpd.exe -?" for command line help with the tool).

    Click image for larger version. 

Name:	tpm-update.jpg 
Views:	0 
Size:	105.4 KB 
ID:	70491

    7. Then I rebooted back to the BIOS, turned the TPM back on, and re-enabled everything, and "tpm.msc" shows that my Asus TPM has been updated and no longer has the vulnerability.

    Click image for larger version. 

Name:	tpm-msc.jpg 
Views:	0 
Size:	133.7 KB 
ID:	70492

    Note that the update bundle also includes a UEFI updater that you can run from the BIOS, but I didn't bother doing that because I didn't have time to figure it out.

    Anyway I hope this is helpful to others!

  6. #46
    ROG Guru: Yellow Belt Array lightknightrr PC Specs
    lightknightrr PC Specs
    MotherboardAsus Crosshair VI Hero WiFi
    ProcessorAMD Ryzen-7 1800X
    Memory (part number)F4-3200C14D-32GTZ
    Graphics Card #1Radeon Vega Frontier Edition
    Sound CardHT Omega eClaro
    MonitorSamsung 4K
    Storage #1Samsung NVMe SSD 960 PRO 1TB
    Storage #2Crucial MX200 1TB SSD
    CPU CoolerCorsair H115i
    CaseThermaltake Chaser Mk-1 (Modified)
    Power SupplyThermaltake Toughpower DPS G RGB 1500W Titanium
    Keyboard Corsair K95 RGB PLATINUM
    Mouse Corsair Scimitar Pro RGB
    Mouse Pad Corsair Gaming MM600 Dual Sided Aluminum Gaming Mouse Pad
    OS Windows 10 Pro 64-bit OEM
    Accessory #1 Firewire Expansion Card
    Accessory #2 Black Magic Intensity Pro 4K
    Accessory #3 Mailiya USB 3.0 5-Port Expansion Card
    lightknightrr's Avatar
    Join Date
    Jan 2017
    Reputation
    10
    Posts
    144

    We are going to need a volunteer.

  7. #47
    New ROGer Array
    Join Date
    Aug 2017
    Reputation
    10
    Posts
    10

    Quote Originally Posted by rasmorthil View Post
    In case it is helpful to someone, I found a way to update my Asus TPM-M R2.0 14-1 Pin TPM Module to the latest 5.62.3126.0 firmware (previously the TPM had the 5.61.2785.0 firmware with the vulnerability).

    Supermicro (a great server company) sells Infineon-based TPMs - e.g., see http://supermicro.com/products/acces...-TPM-9665V.cfm. Unlike Asus () Supermicro has issued the latest firmware security updates for their Infineon TPM modules. Their update packages appear to be general Infineon updates, so I figured it'd be worth a try to update my Asus module using one.

    Note that you should only attempt this sort of update if you know what you are doing!! If you aren't adept at the command line or if this is all new to you, then DO NOT ATTEMPT THIS. YOU CAN LOSE DATA IF YOU ARE USING BITLOCKER, etc.!!!

    I'll explain what I did and if you want to try with your system/TPM module you will need to adapt as appropriate for your system.

    1. You can find TPM update packages by browsing to ftp://ftp.supermicro.com/driver/TPM/. In my case I looked at the various firmwares included, and the "9665FW update package_1.1.zip" bundle contained firmware that matched my Asus TPM. So be sure to pick the right update bundle for your TPM (?).

    2. I completely turned OFF and disable Bitlocker and Windows Hello. You must decrypt your drive so that the TPM is NOT in use!

    3. I ran "tpm.msc" and executed the "Clear TPM..." option in Action. This rebooted the machine and the Asus BIOS had me press F12 to clear the TPM.

    4. After rebooting again, I then booted into the BIOS and turned the TPM completely OFF in the BIOS settings. You must completely disable Windows' use of the TPM in order to update the firmware.

    5. I booted back into Windows, and extracted the firmware update package bundle. For ease of operation I then copied the Windows update executable from the "...\Tools\WinPE\Bin\x64\" directory into the "...\Firmware\" directory.

    6. I then ran an Administrator command prompt, and changed to the "...\Firmware\" directory. Then I ran "TPMFactoryUpd.exe -update config-file -config TPM20_latest.cfg". The updater detected my TPM, and flash updated to the latest firmware in the bundle. Again, if you try this your command line may need to be different (use "TPMFactoryUpd.exe -?" for command line help with the tool).

    Click image for larger version. 

Name:	tpm-update.jpg 
Views:	0 
Size:	105.4 KB 
ID:	70491

    7. Then I rebooted back to the BIOS, turned the TPM back on, and re-enabled everything, and "tpm.msc" shows that my Asus TPM has been updated and no longer has the vulnerability.

    Click image for larger version. 

Name:	tpm-msc.jpg 
Views:	0 
Size:	133.7 KB 
ID:	70492

    Note that the update bundle also includes a UEFI updater that you can run from the BIOS, but I didn't bother doing that because I didn't have time to figure it out.

    Anyway I hope this is helpful to others!
    Thanks this worked for me.

  8. #48
    New ROGer Array Lugusto PC Specs
    Lugusto PC Specs
    MotherboardASUS Z170I PRO GAMING
    ProcessorIntel Core i7-6700K
    Memory (part number)Corsair CMK32GX4M2B3000C15
    Graphics Card #1EVGA GeForce GTX 980 Ti
    Storage #1Samsung 960 EVO 250GB M.2 SSD
    Storage #2Seagate BarraCuda 4TB 3.5"
    CPU CoolerCorsair Hydro H80i GT
    CaseSilverStone Sugo SST-SG13B-Q
    Power SupplySilverStone SST-ST85F-GS
    OS Windows 10 Pro x64

    Join Date
    Oct 2017
    Reputation
    10
    Posts
    9

    Thanks @RASMORTHIL this worked for me as well, now running 5.62.3126.0 and the warning is gone.

    I'd previously tried finding straight-up Infineon firmware files but had no luck, the Supermicro FTP site was a great find. I didn't decrypt my drives, just suspended BitLocker, cleared the TPM, disabled it in the BIOS, next boot ran the update tool, another reboot and enabled the TPM in the BIOS, BitLocker then re-enabled itself after taking ownership on the next and final boot.

    Cheers!

  9. #49
    New ROGer Array Clement Chong PC Specs
    Clement Chong PC Specs
    MotherboardASUS X99-M WS
    ProcessorBX80660E51650V4
    Memory (part number)CT4K8G4WFS824A
    Graphics Card #1ZT-P10810D-10P
    MonitorLG 27UD68
    Storage #1SSDPE21K375GA
    CPU CoolerCorsair H80i v2
    CaseSST-KL06B-W
    Power SupplyEVGA G3 1000W
    OS Windows 10 Pro

    Join Date
    Dec 2014
    Reputation
    10
    Posts
    8

    Quote Originally Posted by Lugusto View Post
    Thanks @RASMORTHIL this worked for me as well, now running 5.62.3126.0 and the warning is gone.

    I'd previously tried finding straight-up Infineon firmware files but had no luck, the Supermicro FTP site was a great find. I didn't decrypt my drives, just suspended BitLocker, cleared the TPM, disabled it in the BIOS, next boot ran the update tool, another reboot and enabled the TPM in the BIOS, BitLocker then re-enabled itself after taking ownership on the next and final boot.

    Cheers!
    I don't think it is a good idea to just suspend since the insecure key (if the key is generated by the TPM with the old firmware it is insecure) is still the same, it is recommended to decrypt the drive, get the TPM to regenerate a new key and re-encrypt the whole drive using the new key.

  10. #50
    New ROGer Array
    Join Date
    Jan 2018
    Reputation
    11
    Posts
    3

    Quote Originally Posted by Clement Chong View Post
    I don't think it is a good idea to just suspend since the insecure key (if the key is generated by the TPM with the old firmware it is insecure) is still the same, it is recommended to decrypt the drive, get the TPM to regenerate a new key and re-encrypt the whole drive using the new key.
    Yes, agreed. Given the nature of the vulnerability, it's best to regenerate a new key.

Page 5 of 11 FirstFirst ... 3 4 5 6 7 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •